CSE 5/7349 – Mid Term Exam
March 8, 2006
Name: ________________________
1. [8 pts] Define the following terms as succinctly and accurately as possible:
(i) S/MIME _________________________________________________
_________________________________________________________
_________________________________________________________
(ii) Authentication _____________________________________________
_________________________________________________________
_________________________________________________________
(iii) Hashing _________________________________________________
_________________________________________________________
_________________________________________________________
(iv) Base64 Encoding __________________________________________
_________________________________________________________
_________________________________________________________
(v) Tunneling ________________________________________________
_________________________________________________________
_________________________________________________________
(vi) AES ____________________________________________________
_________________________________________________________
_________________________________________________________
(vii) IPSec __________________________________________________
_______________________________________________________
_______________________________________________________
1
2. [8 pts] Answer the Following (CSE 5350 only answer 3):
(i)
Compute 31582614 mod 16 ________________________________
(ii)
Is 3 a primitive root of 11? ________________________________
(iii)
If you BASE64 encode 60 bytes, how many bytes will your result be?
______________________________________________________
(iv)
What fields are in a Kerberos V4 AS -> C message? ___________
______________________________________________________
3. [6 pts] Mark the following algorithms as useful for Encryption, Authentication,
Key Exchange, Compression, and/or printable character encoding: (CSE 5350
only answer 6)
(i)
AES __________________________________________________
(ii)
RSA __________________________________________________
(iii)
Elliptic Curve __________________________________________
(iv)
Diffie-Hellman _________________________________________
(v)
ZIP___________________________________________________
(vi)
Base64 ________________________________________________
(vii)
Uuencode _____________________________________________
(viii) SHA-1 ________________________________________________
(ix)
MD5 _________________________________________________
2
4. [6 pts] Your boss is concerned about the security of 3DES and requests that you
encrypt it twice for an effective “6DES”.
(i)
What would the new effective key length be?
(ii)
What attack would you use to cryptanalyze this message?
(iii)
Would DES followed by AES be much better than AES or DES alone?
5. [4 pts] Give two benefits of compression before encryption. Give two benefits of
authentication before encryption.
3
6. [6 pts] The IP packets are received in the following order with the following AH
sequence numbers: 3, 4, 8, 40, 50, 33, 80, 12, 20, 19, 49, 50, 90, 100, 200, 150,
135, 136, 137.
(i)
What packets are passed through the replay verification using the
default window size?
(ii)
What packets are dropped?
(iii)
What network performance parameter is most important in selecting
the window size?
4
7. [8 pts] A network is set-up as in Figure A. For the scenarios outlined below, give
the location of the AH header(s), and each IP Header within the packet. Indicate
the source and destination addresses for each IP header.
Computer
H1
L1
Gateway
G1
L2
Gateway
G2
L3
Computer
H2
(i)
H1 sends to H2, and the traffic is protected over link L2 through IPSec
tunneling by the Gateways. Give the packet at L2.
(ii)
Computer H1 sends to Computer H2 and the traffic is protected by
transport mode IPSec by the computers as well as tunneling at the
gateways. Give the packet at link L2.
(iii)
Computer H1 sends a tunnel-mode packet to gateway G2 for
forwarding to H2 as a regular IP packet. Give the packet at L2.
5
8. [8 pts] Give an example of a “Man-in-the-Middle” attack of a Diffie-Hellman Key
Exchange. Indicate the message flow using equations for the math transmitted
with each message. Use p for the prime and  for the primitive root and Xn for
the “secret” key selected by ‘n’ and Yn for the “public” key selected by ‘n’.
Show the content of each message passed and the computed shared keys.
9. [8 pts] If IPSec is used instead of PGP, what aspects of e-mail transmissions are
still unsecured?
6
10. [10 pts] How does a Kerberos server, “V” get the key “K” for decrypting the
authentication block of a service request? What keeps others from getting the key
as it is communicated?
11. [10 pts] Consider a board of directors with 10 or more people. If the company
safe has a single 128-bit key, devise a mechanism where each person must
remember a single 128-bit key and any two people must be present to open the
safe. Ensure that even if a single key is compromised, the security is still about
128-bits. (Hint. Consider a line y=mx+b where the y-intercept is the 128-bit key)
CSE7350 Only: How would you extend this concept to require 3 people to be
present?
7
12. [6 pts] What are the major operations of PGP and the order they are performed on
an outbound message?
13. [6 pts] Give 3 differences between Kerberos V4 and Kerberos V5.
(CSE 5350 Give only 2)
8
14. [6 pts] A message is double encrypted with two affine ciphers:
F: Cf = (af * p + bf) mod 26
G: Cg = (ag * p + bg) mod 26
Find a new ah and bh such that H(p) = G(F(p)).
9